Tags 508473 + patch thanks Hi,
> Drupal 6.7 was released today in response to a cross site request > forgeries. Malicious users may cause the superuser (user 1) to execute > old updates that may damage the database. This is described in the > Drupal advisory SA-2008-073 - http://drupal.org/node/345441 I'm not sure if a new upstream release is deemed acceptable by the release team, but in case its not, the stated URL contains a patch, which only fixes the security issue. The patch is available at the following URL: http://drupal.org/files/sa-2008-073/SA-2008-073-6.6.patch Best Regards, Patrick -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
